Umbraco · Umbraco · CVE-2024-47819
**Name of the Vulnerable Software and Affected Versions**
Umbraco versions 14.0.0 through 14.3.0
Umbraco versions prior to 15.0.0
**Description**
The issue allows for cross-site scripting (XSS), which can be leveraged to gain access to higher-privilege endpoints. If a user with admin privileges runs the injected code, it can potentially elevate all users, granting them admin privileges or access to protected content.
**Recommendations**
For Umbraco versions 14.0.0 through 14.3.0, update to version 14.3.1 to resolve the issue.
For Umbraco versions prior to 15.0.0, update to version 15.0.0 to resolve the issue.
As a temporary workaround, ensure that access to the Dictionary section is only granted to trusted users.